401 Unauthorized |
Missing/invalid Authorization header, or revoked API key |
Regenerate the key in Profile → API Keys; re-encode email:apiKey to Base64 |
404 Not Found on /{registerIdOrKey}/risk |
Register key or ID doesn't match a register in your workspace, or the register is archived |
Verify the key in the UI. Keys are case-sensitive |
riskLevel is missing from the response |
The risk has no impact or no probability set, or the register has no Risk Matrix configured |
Open the risk in the UI and set Impact + Probability. Verify the register's Risk Matrix has at least one band |
customFields is an empty array |
The register's layout has no user-defined custom fields, or the risk has no values set |
Add fields via Risk Register → Layout and set values per risk. System fields (impact / status / etc.) don't appear under customFields |
riskDesc / mitigationActions show as plain text but the UI shows formatting |
By design — rich-text is converted to plain text for API consumers |
If you need the raw rich-text form, contact your Kendis representative |
link custom field has name but no url |
The stored URL uses a scheme that isn't in the safe allow-list |
Update the link value in the UI to use http://, https://, or mailto: |
Pagination stops before total |
pageLimit is capped at 50 — iterate by incrementing startAt |
Loop with startAt += pageLimit until startAt >= total |